On Fri, 19 Jun 2009, Pascal Hambourg wrote:
>> I have multiplexed serial devices which establish a ppp connection to a
>> linux box. All these devices use the same IP 192.168.0.32. Now my problem
>> is how I can set up my computer so that I'm able to access all these
>> devices at the same time:
>>
>> - Modifying routing tables
>> - Setting up packet filtering with iptables
>> - ...
>>
>> Best would be, if a static set of rules could be used, so that I can map
>> device on ppp0 to 10.0.1.1 and device on ppp1 to 10.0.2.1 and so on.
>
> You'll need iptables and advanced routing (iproute).
>
> 1) For each interface ppp$n, extract n.
>
> 2) With iptables, MARK packets to 10.0.$[$n+1].1 with mark $[$n+1] and DNAT
> them to 192.168.0.32.
>
> iptables -t mangle -A OUTPUT -d 10.0.$[$n+1].1 -j MARK --set-mark $[$n+1]
> iptables -t nat -A OUTPUT -d 10.0.$[$n+1].1 -j DNAT --to 192.168.0.32
>
> 3) With iproute, route packets with mark $[n+1] via ppp$n.
>
> ip rule add fwmark $n lookup $[100+$n]
> ip route add default dev ppp$[$n-1] table $[100+$n]
>
> All but the "ip route" command can be "preloaded" before ppp interfaces come
> up. The "ip route" command can be automatically run when the related ppp
> interface comes up by /etc/ppp/ip-up or a script in /etc/ppp/ip-up.d/. The
> route is automatically deleted when the related interface comes down.

Thanks a lot. I switched to using 10.0.0.1 for ppp0 (so the +1 and -1
vanish). Your description was nearly perfect, only the

iptables -t nat -A POSTROUTING -d 192.168.0.32 -j SNAT --to 192.168.0.1

was missing, so the packets have the correct source IP address.

You saved me a lot of work, as I think it would have taken some time until
I would have found the MARKing and the more complex ip route/ip rule
stuff.

Maybe I will continue this to make the 10.0.x.x available from outside the
box as well, but this is trivial :-)

Ciao
--
http://www.dstoecker.eu/ (PGP key available)
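
The complete rule set discussed in this thread, as an added example that is not code from either poster: it prints the commands for one ppp interface so they can be reviewed before being applied. Assumptions made here: ppp$n maps to 10.0.$n.1 (the simplified numbering from the reply), the mark is n+1 because a mark of 0 means "unmarked", the table is 100+n, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Mark and table numbering are assumptions.
DEVICE_IP=192.168.0.32   # address every device uses (from the thread)
LOCAL_IP=192.168.0.1     # source address used in the SNAT rule from the reply

# ppp_index IFACE: print n for "ppp<n>", fail on anything else.
ppp_index() {
    n=${1#ppp}
    [ "ppp$n" = "$1" ] || return 1
    case $n in
        ''|*[!0-9]*|0?*|????*) return 1 ;;  # empty, non-digit, leading zero, too long
    esac
    # Tables 253-255 are reserved (default, main, local), so stop at table 252.
    [ "$n" -le 152 ] || return 1
    echo "$n"
}

# static_rules IFACE: commands that can be loaded before the link exists.
static_rules() {
    n=$(ppp_index "$1") || return 1
    mark=$((n + 1))      # never 0: fwmark 0 would match every unmarked packet
    table=$((100 + n))
    echo "iptables -t mangle -A OUTPUT -d 10.0.$n.1 -j MARK --set-mark $mark"
    echo "iptables -t nat -A OUTPUT -d 10.0.$n.1 -j DNAT --to $DEVICE_IP"
    echo "ip rule add fwmark $mark lookup $table"
}

# snat_rule: one rule for all links, so replies come back to the ppp address.
snat_rule() {
    echo "iptables -t nat -A POSTROUTING -d $DEVICE_IP -j SNAT --to $LOCAL_IP"
}

# link_up_route IFACE: the only command that must wait for the interface.
link_up_route() {
    n=$(ppp_index "$1") || return 1
    echo "ip route add default dev $1 table $((100 + n))"
}
```

To apply, pipe the output to `sh` as root: `static_rules` and `snat_rule` once at boot, and `link_up_route "$1"` from a script in /etc/ppp/ip-up.d/, where pppd passes the interface name as the first argument.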